package com.xrx.webtemplate.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Created by xierongxian on 2017/4/23.
 * 重写shiro自带过滤器 实现根据URL 进行权限过滤
 */
public class MyAccessControFilter extends AccessControlFilter {


    /**
     * 判断当前用户是否具备权限
     * */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {
        Subject subject=getSubject(servletRequest,servletResponse);
        //判断permission是否匹配 因为自己重写了permission 所以会根据url的格式去对比权限字符串
        return subject.isPermitted(getPathWithinApplication(servletRequest));
    }
    /**
     * 如果不具备执行的方法
     * */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        //如果没有匹配可以跳转至相应提示页面
        HttpServletResponse response=(HttpServletResponse)servletResponse;
        HttpServletRequest request=(HttpServletRequest)servletRequest;
        response.sendRedirect(request.getContextPath()+"/page/404.jsp");
        return false;
    }


}
